In the rapidly evolving landscape of digital payment systems, an eatery in Seremban, Malaysia, fell victim to a cunning scam that exploited the prevalence of QR codes. The incident, brought to light through a Facebook post on November 26, serves as a cautionary tale for businesses embracing digital transactions. The unsuspecting customer's attempt to pay for a meal using an e-wallet at Lucky Kitchen unraveled a sophisticated deception involving a pasted fake QR code leading to a wrong recipient.
The ordeal began when a vigilant patron scanned the QR code for payment and was directed to transfer funds to an account allegedly belonging to an individual named "Kway Hing Lai." The discrepancy between the recipient's name and the eatery's identity raised immediate suspicions. The eatery operator, Ms Loke Jingyi, was promptly alerted, uncovering a fake QR code strategically placed over the legitimate one.
Ms Loke, recounting the discovery, expressed her surprise upon finding that the fake QR code was concealing the genuine one. Upon scanning the fraudulent code, the payment recipient's name surfaced, diverging from the actual account the establishment used for transactions. The incident revealed the vulnerability of the QR payment standee, which had been positioned at the outlet's counter for convenience.
Fortunately, no one had utilized the Touch 'n Go e-wallet for payment that day, sparing the eatery from financial losses. The Touch 'n Go system utilizes Malaysia's DuitNow QR codes, facilitating payments for Malaysians and travelers from neighboring countries like Singapore, Thailand, and Indonesia through their respective bank accounts and e-wallets.
In a Facebook post, a friend of Ms Loke's shared the incident as a warning to fellow business owners engaging in digital transactions, aiming to shed light on this suspected scam and soliciting information about the elusive "Kway Hing Lai." The post also unearthed personal details, including an address, phone number, and photo purportedly associated with the swindler's Touch 'n Go account, which requires verification for usage.
Despite efforts to track down the alleged scammer, he remained elusive on the day of the incident. Social media users offered varying perspectives on the situation, with some urging the eatery to file a police report, while others speculated about the possibility of a practical joke designed to frame "Kway." Skepticism arose due to the boldness required for a scam that would unveil personal details upon QR code scanning.
For Ms Loke, the key takeaway is the importance of securing the QR payment standee out of reach from potential tampering. Additionally, she contemplates installing a speaker system to audibly announce each payment received, adding an extra layer of security. While acknowledging the potential inconvenience, Ms Loke emphasizes the proactive stance of prevention to avoid scenarios where customers pay, but the retailer does not receive the payment—a lose-lose situation.
As businesses navigate the increasingly digital landscape, tales of scams like these serve as critical reminders to stay vigilant, adopt preventive measures, and collectively contribute to creating a secure environment for digital transactions.
Kamran is a content creator under the Newswav Creator programme, where you get to express yourself, be a citizen journalist, and at the same time monetize your content & reach millions of users on Newswav. Log in to creator.newswav.com and become a Newswav Creator now!
The User Content (as defined on Newswav Terms of Use) above including the views expressed and media (pictures, videos, citations etc) were submitted & posted by the author. Newswav is solely an aggregation platform that hosts the User Content. If you have any questions about the content, copyright or other issues of the work, please contact Newswav.
